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DETAILED ACTION 

1 . A request for continued examination under 37 CFR 1.114, including tlie fee set 
forth in 37 CFR 1 .17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1 .17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 2/1/08 
has been entered. 

2. Claims 1, 5, 8, 16, 18-19, 26, 28, 35, 41 have been amended. Claims 4 and 17 
have been cancelled. New claim 44 has been added. Claims 12-15, 21-25 and 30-34 
have been withdrawn. Claims 1-3, 5-11, 16, 18-20, 26-29 and 35-44 are pending. 

Response to Arguments 

3. Applicant's arguments filed 2/1/08 with respect to the claims 1 , 26, 35 and 41 
have been fully considered but they are not persuasive. Applicant's arguments with 
respect to claim 3 have been considered but are moot in view of new grounds of 
rejection. 

4. In response to the applicants arguments the following comments are made: 
The applicant argued that Jones discloses creating a hash value by "applying a 

hash function to the method string name and the parameter type list. "...Jones 
nevertheless discloses the creation by applying a hash to a single "method string name" 
and "a parameter type list" rather than creating a signature based on "a plurality of 
function names." The Examiner respectfully disagrees. The Examiner would like to point 
out Jones teaches when a client wishes to invoke a method of a remote object located 
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on a server, the client sends the hash value identifying the particular remote method to 
the server over the RMI connection. This hash value is created by applying a hash 
function to the method string name and the parameter type list. Suppose a remote 
object is created containing the following methods: Public interface Directory {Address 
lookupAddress (string name); Address lookupAddress(Person person)} The Java 
runtime system on server creates a hash for each remote method. Each hash value is 
added with a pointer to its corresponding method to mapping table thus creating a 
method and hash value pairing in mapping table. Server can later access mapping table 
using hash value from client to identify remote method to be invoked. Therefore, Jones 
teaches generating a signature based on "a plurality of function names." 

In response to applicant's arguments against the references individually, one 
cannot show nonobviousness by attacking references individually where the rejections 
are based on combinations of references. See In re Keller, 642 F.2d 413, 208 
USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 
1986). 

Claim Rejections - 35 USC § 103 

1 . The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or deschbed as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 
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2. Claims 1-3, 8-1 1 , 20, 26-28 and 35-42 and 44 are rejected under 35 U.S.C. 
103(a) as being unpatentable over Garst et al. (hereinafter Garst) US Patent Number 
6,188,995 in view of Jones et al. (hereinafter) Jones U.S. Patent Number 6,629,154 and 
in view of Shaughnessy U.S. Patent 6,026,235. 
As per claim 1 : 

Garst teaches a method for managing access to resources, comprising: 
generating a list of resource signatures; (col. 5, line 67-col. 6, line 2) accessing the list 
of resource signatures, each of the resource signatures configured with accessibility 
status, wherein the accessibility status includes one of loadable and restricted; (col. 5, 
line 67-col. 6, line 2) generating a verification signature for a requested resource; (col. 6, 
lines 3-15) comparing the verification signature for the requested resource to the list of 
resource signatures; (col. 6, lines 3-15) executing the requested resource if the 
resource signature matches the verification signature and the accessibility status is 
loadable; and preventing the requested resource from execution if the resource 
signature matches the verification signature and the accessibility status is restricted, 
(col. 6, lines 15-20) In addition, Garst further teaches license string specifies the names 
of the program licensed, (col. 5, lines 15-20) Garst does not explicitly teach a signature 
being generated at least on function names included in an import table of a 
corresponding resource. Jones in analogues art, however, teaches a signature being 
generated at least on function names included in a corresponding resource, (col. 5, 
lines 35-67; col. 1 1 , lines 15-35) Therefore it would have been obvious to one ordinary 
skill in the art at the time the invention was made to modify the method disclosed by 
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Garst with Jones in order to uniquely identify a method to invoke using a hash value 
computed. (Abstract; Jones) Both references do not explicitly disclose an import table. 
Shaughnessy in analogous art, however teaches an import table. Therefore it would 
have been obvious to one ordinary skill in the art to modify the method disclosed by 
Garst and Jones with Shaughnessy in order to determine the names and address of all 
functions in an application, (col. 4, lines 16-17; Shaghnessy) 
As per claims 2 and 40: 

The combination of Garst, Jones and Shaghnessy teaches all the subject matter 
as discussed above. In addition, Garst further teaches wherein the resources include 
applications or programs, (col. 2, lines 56-67) 
As per claims 3, 27 and 43: 

The combination of Garst, Jones and Shaghnessy teaches all the subject matter 
as discussed above. In addition, Garst further teaches each of the resource signatures 
and a verification signature is generated for enforcing software license that includes a 
dynamic link library, (col. 5, lines 1-65) In addition, Jones further teaches wherein the 
signature is generated based on one or more by applying a hash function to the method 
string names, (col. 5, lines 1-65) None of the references explicitly teach a resource 
signature is generated based further on one or more dynamic link library (DLL). It would 
have been obvious to one ordinary skill in the art to apply the technique of generating a 
signature based on one or more method names as taught by Jones, to manage access 
to resources by generating and verifying signature that includes a dynamic link library to 
improve the system of Garst for enforcing software license. 
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As per claim 8: 

The combination of Garst, Jones and Shaughnessy teaches all the subject 
matter as discussed above. Claim 8 does not further limit claim 1 , therefore, is rejected 
on the same basis as claim 1 . (see 112 rejection above) 
As per claim 9 

The combination of Garst, Jones and Shaughnessy teaches all the subject 
matter as discussed above. Claim 9 does not further limit claim 1 , therefore, is rejected 
on the same basis as claim 1 . (see 112 rejection above) 
As per claim 28 and 36-37: 

The combination of Garst, Jones and Shaughnessy teaches all the subject 
matter as discussed above. In addition, Garst teaches retrieving data from an 
executable of the requested application; and hashing organized information, (col. 5, 
lines 1-65) In addition, Shaughnessy further teaches sorting the retrieved data; and 
organizing the sorted information in a predetermined manner, (col. 4, lines 14-28) 
As per claim 10: 

The combination of Garst, Jones and Shaughnessy teaches all the subject 

matter as discussed above. In addition, Garst further teaches wherein a same 
procedure is followed to generate each of the resource signatures and to generate a 
verification signature, (col. 5, lines 36-38) 
As per claim 1 1 : 

The combination of Garst, Jones and Shaughnessy teaches all the subject 
matter as discussed above. In addition, Garst further teaches coding the generated list 



Application/Control Number: 10/625,312 Page 7 

Art Unit: 2137 

of resources signatures into a dynamic linl< library (DLL) (col. 15, lines 35-54) 
As per claims 26, 35 and 41 

Garst teaches a method of restricting particular applications, comprising: 
receiving a list of application fingerprints corresponding respectively to restricted 
applications; (col. 5, line 67-col. 6, line 2) receiving a request to execute an application; 
(col. 5, line 67-col. 6, line 2) generating a confirmation fingerprint for the requested 
application; (col. 6, lines 3-15) comparing the confirmation fingerprint to the list of 
application fingerprints; (col. 6, lines 3-15) and restricting the requested application if the 
confirmation fingerprint matches one of the application fingerprints respectively 
corresponding to restricted applications, (col. 6, lines 15-20) Garst in analogous art, 
however, discloses wherein the confirmation fingerprint is generated at least from 
function names included in an import table of the requested application. In addition, 
Garst further teaches license string specifies the names of the program licensed, (col. 5, 
lines 15-20) Garst does not explicitly teach a signature being generated at least on 
function names included in an import table of a corresponding resource. Jones in 
analogues art, however, teaches a signature being generated at least on function 
names included in a corresponding resource, (col. 5, lines 35-67; col. 11, lines 15-35) 
Therefore it would have been obvious to one ordinary skill in the art at the time the 
invention was made to modify the method disclosed by Garst with Jones in order to 
uniquely identify a method to invoke using a hash value computed. (Abstract; Jones) 
Both references do not explicitly disclose an import table. Shaughnessy in analogous 
art, however, teaches an import table. Therefore it would have been obvious to one 
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ordinary sl<ill in the art to modify the method disclosed by Garst and Jones with 
Shaughnessy in order to determine the names and address of all functions in an 
application, (col. 4, lines 16-17; Shaghnessy) 
As per claim 20: 

The combination of Garst, Jones and Shaughnessy teaches all the subject 
matter as discussed above. In addition, Garst teaches a method wherein the restricted 
applications are not licensed, (col. 6, lines 23-39) 
As per claim 38: 

The combination of Garst, Jones and Shaughnessy teaches all the subject 
matter as discussed above. In addition, Garst further teaches wherein the API is 
included in an operating system, (col. 6, lines 47-66; col. 7, line 39-col. 8, line 65) 
As per claim 39: 

The combination of Garst, Jones and Shaughnessy teaches all the subject 
matter as discussed above. In addition, Garst further teaches wherein the operating 
system runs on a web server, (col. 15, line 55- col, 16, line 13) 
As per claim 42: 

The combination of Garst, Jones and Shaughnessy teaches all the subject 
matter as discussed above. In addition, Garst further teaches downloading an updated 
list of the classified digital signatures to the operating system, (col. 1 1 , lines 26-50; col. 
15, line 55- col, 16, line 13) 

3. Claim 29 is rejected under 35 U.S.C. 103(a) as being unpatentable over as being 
anticipated by Garst et al. (hereinafter Garst) Jones et al. (hereinafter) Jones U.S. 
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Patent Number 6,629,154 and in view of Shaughnessy US Patent 6,026,235 and further 
in view of Atkinson et al. (hereinafter Atkinson) US Patent Number 5,892,904. 
As per claim 29: 

The combination of Garst, Jones and Shaughnessy teaches all the subject 
matter as discussed above. In addition Jones further teaches wherein hashing the 
organized named include performing a digest hash and a Secure Hash Algorithm 
(SHA)1 . (col. 9, lines 27-53) None of the references explicitly disclose wherein the 
instruction to hash further includes and instruction to execute an MD5 hashing 
algorithm. Atknison in analogous art, however, discloses wherein the instruction to hash 
further includes and instruction to execute an MD5 hashing algorithm, (col. 20, lines 1- 
10) Therefore it would have been obvious to one ordinary skill in the art to modify the 
method disclosed by Garst, Jones and Shaughnessy with Atkinson in order to provide a 
preferential hash algorithm, (col. 20, line 2; Atkinson) 

Allowable Subject Matter 

4. Claim 16 and 18-20 are allowed. 

5. Claim 5 is objected to as being dependent upon a rejected base claim, but would 
be allowable if rewritten in independent form including all of the limitations of the base 
claim and any intervening claims. 

6. The following is a statement of reasons for the indication of allowable subject 
matter: None of the prior art either taken singularly or in combination teach "wherein 
generating the verification signature for the requested resource includes: retrieving a 
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plurality of names from the import table, wherein the plurality of names at least include 
function name; storing the retrieved names; concatenating the sorted names and 
executing a cryptographic manipulation of the concatenated names." 
7. Claims 6-7 and 43 that are directly or indirectly dependent on claim 5 are also 
objected too. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to SHEWAYE GELAGAY whose telephone number is 
(571)272-4219. The examiner can normally be reached on 8:00 am to 5:30 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on 571-272-3865. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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